This commit improves tracing and handling of malformed fonts. In
particular, the changes to `pcf_get_properties' fix
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379
* src/pcf/pcfread.c (tableNames): Use long names for better
readability.
(pcf_read_TOC): Allow at most 9 tables.
(pcf_get_properties): Allow at most 256 properties.
Limit strings array length to 256 * (65536 + 1) bytes.
Better tracing.
(pcf_get_metric): Trace metric data.
(pcf_get_metrics): Allow at most 65536 metrics.
Fix comparison of `metrics->ascent' and `metrics->descent' to avoid
potential overflow.
Better tracing.
(pcf_get_bitmaps): Allow at most 65536 bitmaps.
Better tracing.
(pcf_get_encodings, pcf_get_accel): Better tracing.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Don't trace `format' details.
These are now shown by `pcf_get_bitmaps'.
`FT_Load_Glyph' doesn't generate a bitmap for a non-bitmap glyph
until the user calls `FT_Render_Glyph'. However, it always
allocates memory for bitmaps and copies or decodes the contents of a
bitmap glyph, which can be quite slow for PNG data.
* include/freetype/freetype.h (FT_LOAD_BITMAP_METRICS_ONLY): New
macro.
* src/base/ftobjs.c (FT_Load_Glyph): Unset FT_LOAD_RENDER if
FT_LOAD_BITMAP_METRICS_ONLY is used.
* src/sfnt/ttsbit.c (tt_sbit_decoder_alloc_bitmap,
tt_sbit_decoder_load_bitmap): Add argument to control allocation of
the glyph slot.
(tt_sbit_decoder_load_image, tt_sbit_decoder_load_compound,
tt_face_load_sbit_image): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Quickly exit if
`FT_LOAD_BITMAP_METRICS_ONLY' is set.
* src/pfr/pfrsbit.c, src/pfr/pfrsbit.h (pfr_slot_load_bitmap): Add
argument to control allocation of the glyph slot.
* src/pfr/pfrobjs (pfr_slot_load): Updated.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
* docs/CHANGES: Updated.
This is a very old patch from openSuSE (from 2006, submitted to
FreeType in 2011) that I forgot to apply.
https://build.opensuse.org/package/view_file/openSUSE:Factory/freetype2/freetype2-bitmap-foundry.patch
Prepend the foundry name plus a space to the family name. There are
many fonts just called `Fixed' which look completely different, and
which have nothing to do with each other. When selecting `Fixed' in
KDE or Gnome one gets results that appear rather random, the style
changes often if one changes the size and one cannot select some
fonts at all.
We also check whether we have `wide' characters; all put together,
we get family names like `Sony Fixed' or `Misc Fixed Wide'.
* src/pcf/pcfread.c (pcf_load_font): Implement it.
* docs/CHANGES: Document it.
Similar to other font formats, this commit makes the parser no
longer check the whole PCF file but only the header and the TOC if
we just want to get the number of available faces (and a proper
recognition of the font format).
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
Exit quickly if face_index < 0.
* src/pcfread.c (pcf_load_font): Add `face_index' argument.
Exit quickly if face_index < 0.
* src/pcf/pcf.h: Updated.
* src/pcf/pcfread.c (pcf_load_font): Take absolute values for
AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y. In tracing mode, add warnings.
For functions querying a face, bits 16-30 of the face index can hold
the named instance index if we have a GX font. The indices start
with value 1; value 0 indicates font access without GX variation
data.
* include/freetype/freetype.h (FT_FaceRec): Update documentation.
* include/freetype/internal/sfnt.h: Ditto.
* src/sfnt/sfobjs.c (sfnt_init_face)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Get number of named instances and
do argument checks.
(sfnt_load_face): Updated.
* src/truetype/ttobjs.c (tt_face_init)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Use named instance, overwriting
the style name.
* src/base/ftobjs.c (open_face_from_buffer,
open_face_PS_from_sfnt_stream): Updated.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Updated.
* src/cff/cffload.c (cff_font_load): Updated.
* src/cff/cffobjs.c (cff_face_init): Make function exit early for
pure CFF fonts if `font_index < 0'.
Updated.
* src/cid/cidobjs.c (cid_face_init): Updated.
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
* src/pfr/pfrobjs.c (pfr_face_init): Updated.
* src/type1/t1objs.c (T1_Face_Init): Updated.
* src/type42/t42objs.c (T42_Face_Init): Updated.
* src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init):
Updated.
* docs/CHANGES: Updated.
* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Only accept
positive values from header.
Check overflow.
* src/base/ftoutln.c (SCALED): Correctly handle left-shift of
negative values.
* src/bdf/bdf.h (_bdf_glyph_modified, _bdf_set_glyph_modified,
_bdf_clear_glyph_modified): Use unsigned long constant.
* src/bdf/bdfdrivr.c (BDF_Size_Select, BDF_Glyph_Load): Don't
left-shift values that can be negative.
* src/pcf/pcfdrivr.c (PCF_Size_Select, PCF_Glyph_Load): Don't
left-shift values that can be negative.
* src/raster/ftraster.c (SCALED): Correctly handle left-shift of
negative values.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Don't left-shift
values that can be negative.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph,
compute_glyph_metrics, load_sbit_image): Don't left-shift values
that can be negative.
This is just very basic stuff and just a little bit tested on
GNU/Linux only. I won't delve into this since I'm not a Jam user.
* Jamfile: Call `HDRMACRO' for `ftserv.h' also.
(DEFINES): Replace with...
(CCFLAGS): ... this.
* src/Jamfile: Don't call `HDRMACRO' for `internal.h'; this is
already handled in the top-level Jamfile.
* src/autofit/Jamfile (DEFINES): Replace with...
(CCFLAGS): ... this.
(_sources): Add missing files.
* src/cache/Jamfile: Don't call `HDRMACRO' for `ftcache.h'; it no
longer contains macro header definitions.
* src/base/Jamfile, src/cff/Jamfile, src/sfnt/Jamfile,
src/truetype/Jamfile (_sources): Add missing files.
Assure that FreeType's internal include directories are found before
`CPPFLAGS' (which might be set by the user in the environment), and
`CPPFLAGS' before `CFLAGS'.
* builds/freetype.mk (FT_CFLAGS): Don't add `INCLUDE_FLAGS'.
(FT_COMPILE): Make this a special variable for compiling only the
files handled in `freetype.mk'.
(.c.$O): Removed, unused.
* src/*/rules.mk (*_COMPILE): Fix order of include directories.
Work around `features' of X11's `pcfWriteFont' and `pcfReadFont'
functions. Since the PCF format doesn't have an official
specification, we have to exactly follow these functions' behaviour.
The problem was unveiled with a patch from 2014-11-06, fixing issue #43547.
* src/pcf/pcfread.c (pcf_read_TOC): Don't check table size for last
element. Instead, assign real size.
Suggested by Akira Tagoh, see
http://lists.gnu.org/archive/html/freetype/2013-09/msg00030.html
* src/bdf/bdfdrivr.c (BDF_Face_Init): Return Invalid_Argument error
when the font could be opened but non-zero face_index is given.
* src/pcf/pcfdrivr.c (PCF_Face_Init): Ditto.
* src/type42/t42objs.c (T42_Face_Init): Remove unrequired FT_UNUSED
macro for face_index because it is validated in later.
Previously, the loading of a glyph was traced at level 4, if at all.
With this change, all font loading routines emit a tracing message
at level 1, making it easier to select tracing output (for example
using F2_DEBUG="any:1 afhints:7 aflatin:7").
* src/bdf/bdfdrivr.c (BDF_Glyph_Load): Add tracing message.
* src/cff/cffdrivr.c (cff_glyph_load): Ditto.
* src/cff/cffgload.c (cff_decoder_prepare): Improve tracing
messages.
* src/cid/cidgload.c (cid_load_glyph): Use level 1 for tracing
message.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Ditto.
* src/pfr/pfrobjs.c (pfr_slot_load): Add tracing message.
* src/truetype/ttgload.c (TT_Load_Glyph): Ditto.
* src/type1/t1gload.c (T1_Load_Glyph): Ditto.
* src/type42/t42objs.c (T42_GlyphSlot_Load): Ditto.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
The call was (from the top-level of the FreeType tree):
cppcheck --force \
--enable=all \
-I /usr/include \
-I /usr/local/include \
-I /usr/lib/gcc/i586-suse-linux/4.7/include \
-I include \
-I include/freetype \
-I include/freetype/config \
-I include/freetype/internal \
-DFT2_BUILD_LIBRARY \
. &> cppcheck.log
using cppcheck git commit f7e93f99.
Note that cppcheck still can't handle `#include FOO' (with `FOO' a
macro).
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/gxvalid/*: Comment out redundant code or guard it with
FT_DEBUG_LEVEL_TRACE.
http://cppcheck.sourceforge.net/
Note that the current version heavily chokes on FreeType, delivering
even wrong results. I will report those issues to the cppcheck team
so that a newer version gives improved results hopefully.
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/base/ftmac.c ,builds/mac/ftmac.c (count_faces_scalable):
Remove unused variable.
* src/base/ftdbgmem.c (ft_mem_table_destroy): `table' can't be zero.
* src/gxvalid/gxvkern.c (gxv_kern_subtable_fmt1_entry_validate):
Remove functionless code.
* src/tools/ftrandom.c (main): Fix memory leak.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
